Apply suggestions from code review
cloudjumpercat authored Nov 25, 2024
1 parent 707f9fe commit e42adfc
Showing 1 changed file with 8 additions and 8 deletions.
Expand Up @@ -3,12 +3,12 @@ title: Secure Control Plane and Data Plane Communications
content_type: how-to
---

{{site.konnect_short_name}} uses a mutual TLS handshake (mTLS) to secure communication between the control plane and data plane nodes. {{site.konnect_short_name}} control planes support data planes authenticating either with a certificate keypair (aka ‘pinned cert’) or use a certificate signed by a CA (aka PKI).
* **Pinned Certificates**: The data planes authenticate to control plane using a shared certificate. For this option, the control plane and data plane nodes are provisioned with the same certificate. The control plane validates that the data planes establish connection using the pinned certificate.
* **Public Key Infrastructure (PKI) Certificates**: The data planes can establish connection using digital certificates signed by a certificate authority (CA). The control plane must be provisioned with the CA certificate. Konnect uses this certificate to build a chain of trust by verifying the certificates presented by the data planes. If there are intermediate authorities issuing the certificates, the data plane nodes must include the intermediate certificates while establishing connection to control plane.
{{site.konnect_short_name}} uses a mutual TLS handshake (mTLS) to secure communication between the control plane and data plane nodes. {{site.konnect_short_name}} control planes support data planes authenticating either with a certificate key pair (a pinned certificate) or a certificate signed by a CA (a PKI certificate).
* **Pinned certificates**: The data planes authenticate to the control plane using a shared certificate. For this option, the control plane and data plane nodes are provisioned with the same certificate. The control plane validates that the data planes established connection using the pinned certificate.
* **Public Key Infrastructure (PKI) certificates**: The data planes can establish connection using digital certificates signed by a certificate authority (CA). The control plane must be provisioned with the CA certificate. {{site.konnect_short_name}} uses this certificate to build a chain of trust by verifying the certificates presented by the data planes. If there are intermediate authorities issuing the certificates, the data plane nodes must include the intermediate certificates while establishing connection to the control plane.

## Certificate Chain
You need to upload enough of the certificate chain in the control plane so that the control plane can trust the certificate in the data plane request and authenticate.
## Certificate chain
You must upload enough of the certificate chain in the control plane so that the control plane can trust the certificate in the data plane request and authenticate.

Consider the following scenarios with this example cert chain:
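Review bot: the reworded pinned-certificate bullet turns "establish connection" into "established connection", which leaves the sentence ungrammatical ("validates that the data planes established connection using the pinned certificate"); suggest "validates that the data planes establish a connection using the pinned certificate", and add the missing article in the PKI bullet as well ("can establish a connection", "while establishing a connection to the control plane"). While this bullet is being edited, it is worth stating which side holds the private key: the new intro says data planes authenticate with a "certificate key pair", but "the control plane and data plane nodes are provisioned with the same certificate" can be read as copying the key pair to the control plane rather than only the certificate, so a half sentence making that explicit would remove the ambiguity.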

Expand All @@ -18,11 +18,11 @@ Consider the following scenarios with this example cert chain:
| `cert2` | Intermediary | Issued by Root |
| `cert3` | Root | Issued by Root (Self-signed) |

* **Upload only cert1 to the control plane**: This is the Pinned certificate. You can include just `cert1` in your data plane request and not include the chain. The control plane doesn’t need to evaluate the issuer because it trusts the cert itself.
* **Upload only cert1 to the control plane**: This is the pinned certificate. You can include just `cert1` in your data plane request and not include the chain. The control plane doesn’t need to evaluate the issuer because it trusts the cert itself.
* **Upload only cert2 to the control plane**: This would mean any cert coming in that has (issuer: intermediary) would be trusted. You can include just `cert1` in your data plane request. The control plane would trust any certificate issued by the intermediary public key.
* **Upload only cert3 to the control plane**: This is the typical PKI case. It means any cert signed by the root is trusted. However, since `cert1` is signed by an intermediary and `cert2` is signed by root, you need to include both `cert1` and `cert2` in your data plane request. The control plane would trust the whole chain because `cert2` is issued by `cert3` and `cert1` is issued by `cert2`.

## Konnect Certificate Utility
## Generate certificates in {{site.konnect_short_name}}
{{site.konnect_short_name}} offers a helper utility to get started with securing control plane / data plane communications. Using the quick start flow, a certificate keypair is generated. Data planes can establish a connection with this certificate keypair (aka ‘pinned cert’). Alternatively, the Generate Certificates option in the UI generates a CA allowing data planes to connect using a certificate signed by that CA (aka PKI).

Certificates generated by {{site.konnect_short_name}} have a 10 year validity. If you bring your own certificates, make sure to review the expiration date and associated metadata. See Renew Certificates for a Data Plane Node for more details.
Certificates generated by {{site.konnect_short_name}} are valid for 10 years. If you bring your own certificates, make sure to review the expiration date and associated metadata. See [Renew Certificates for a Data Plane Node](/konnect/gateway-manager/data-plane-nodes/renew-certificates/) for more details.
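Review bot: the unchanged context line under the renamed heading still says "certificate keypair" twice and "(aka ‘pinned cert’)" / "(aka PKI)", while the first hunk of this commit changes the same phrases to "certificate key pair", "(a pinned certificate)" and "(a PKI certificate)"; since this commit is applying review suggestions, update that line to match, e.g. "a certificate key pair is generated. Data planes can establish a connection with this certificate key pair (a pinned certificate)." The rest of the hunk looks right: "pinned certificate" is lowercased to match the bullet above, and the renewal link added on the last line now points the reader at the renewal page instead of a bare title.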
